How To Block All Internet Traffic / Connections If Not Connected to a VPN
MONDAY, MAY 16, 2011
This post will outline a method using the Windows 7 Firewall to block all Internet traffic unless you are connected to your VPN.
This post assumes you have already followed the steps in the earlier post, How to only use the VPN Connection and Block ISP
If you implement these rules, your system will have no Internet access unless you are connected to your VPN. That is to say, your system will be connected to the Internet, but no traffic can get in or out unless specifically permitted by a separate firewall rule. If a rule allowing an application exists, that application's traffic will still be able to pass through the firewall.
I have used these rules on my system without ill effect (Windows 7 Home Premium 64-bit). Depending on what other applications you use, you will likely have to create additional rules. If you break your system, don't blame me. Always back up before messing with system settings, and take notes as you go.
It is possible this method could still leak data by way of the system process svchost.exe. If you attempt to block svchost.exe, your PC will not be able to communicate with your router/modem, and you really will have blocked all network functionality, i.e. nothing will work.
That being said, I have monitored VPN disconnects using TCPView and spotted no leaks - just all processes (including system processes) engaged in Internet traffic instantly changing from ESTABLISHED to TIME_WAIT, and shortly thereafter vanishing.
If this method is too restrictive or complex for you (or if you use Windows XP / 2000 or Mac OS X), you may wish to consider using a VPN service offering a VPN client that allows you to securely bind applications to the VPN, such as HideMyAss.
Steps
1. Open Windows Firewall with Advanced Security (in this guide, start at step #4).
2. Select Inbound Rules. The New Inbound Rule Wizard will appear.
3. Select Custom Rule (see below).
4. Select All Programs.
5. Select Any IP Address, for both Local and Remote.
6. Select Block The Connection (see below).
7. Select Domain and Private, leaving Public unticked (see below).
8. Name your rule and click Finish. Repeat steps 1 through 8 for Outbound Rules.
9. In the Windows Firewall with Advanced Security window, select Windows Firewall Properties (see below).
10. In the resulting window, choose to block both inbound and outbound traffic for the Domain and Private profiles (see below). You may also want to block outbound traffic on the Public profile, but then you will need to create a specific allow rule for every application that needs Internet access.
You should test your configuration at this point to ensure it is working. Connect to your VPN, start up some downloads, and disconnect. All traffic should die immediately.
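The same configuration as steps 1 through 10, applied from the command line with netsh so it can be scripted and checked, is given below as an added example (not code from the original post). The rule names are my own, and the script assumes the setup from the earlier post, where the VPN connection is the one that falls under the Public profile, so only the Domain and Private profiles are locked down.

```powershell
# Added example, not from the original post. Run from an elevated
# (Administrator) PowerShell prompt on Windows 7. netsh is used because the
# PowerShell NetSecurity cmdlets are not available on Windows 7.
# Assumption: the VPN adapter is classified as Public (earlier post's setup),
# so Domain and Private are the profiles we block; rule names are mine.
# '--%' stops PowerShell from reparsing the netsh arguments.

# Steps 2-8: one inbound and one outbound block rule, all programs,
# any local and remote address, scoped to the Domain and Private profiles.
netsh --% advfirewall firewall add rule name="Block non-VPN inbound"  dir=in  action=block localip=any remoteip=any profile=domain,private
netsh --% advfirewall firewall add rule name="Block non-VPN outbound" dir=out action=block localip=any remoteip=any profile=domain,private

# Steps 9-10: default policy for Domain and Private becomes block inbound
# and block outbound, so anything without an explicit allow rule is dropped.
# The Public profile (the VPN) is deliberately left at its defaults.
netsh --% advfirewall set domainprofile  firewallpolicy blockinbound,blockoutbound
netsh --% advfirewall set privateprofile firewallpolicy blockinbound,blockoutbound

# Verification: confirm both rules exist and show each profile's policy.
netsh --% advfirewall firewall show rule name="Block non-VPN inbound"
netsh --% advfirewall firewall show rule name="Block non-VPN outbound"
netsh --% advfirewall show allprofiles

# Leak check (the built-in equivalent of watching TCPView): disconnect the
# VPN, then list established connections. They should drop to TIME_WAIT
# and disappear; anything that stays ESTABLISHED needs investigating.
netstat -ano | Select-String 'ESTABLISHED'
```

To undo the rules, use `netsh advfirewall firewall delete rule name="Block non-VPN inbound"` (and likewise for the outbound rule) and set each profile's firewallpolicy back to its previous values.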